# random
busy-vase-39202
05/02/2023, 4:37 PM
https://www.reddit.com/r/Python/comments/1357wra/how_attackers_can_sneakily_slip_malware_packages/
😲 1
bitter-ability-32190
05/03/2023, 5:33 AM
Yup. Lockfiles are for reproducibility. The hashes are some security sugar, but you have to trust the lockfile if you want some semblance of security. Usually that means having the lockfile generation be automated by a trusted system.